[FC2] pam_ldap and root user
- From: ALBANI damiano <damiano albani univ-lr fr>
- To: pam-list redhat com
- Subject: [FC2] pam_ldap and root user
- Date: Thu, 27 May 2004 12:30:49 +0200
Hello,
When I try to log in as root, the PAM stack uses LDAP to check the password.
How can I prevent this? I'd like to have a set of local users, so that
PAM looks up in LDAP only if the user doesn't exist on the system.
I've put everywhere pam_unix.so as 'sufficient' and before pam_ldap.so,
but to no avail :(
Here is my /etc/pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_mount.so
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
account sufficient /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_mount.so
session sufficient /lib/security/$ISA/pam_unix.so
session sufficient /lib/security/$ISA/pam_ldap.so
Thanks a lot,
--
Damiano ALBANI
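
A simplified model of how the control flags on the auth lines above are evaluated, as an added example that is not part of the original post. It assumes the standard required/requisite/sufficient semantics, takes each module's result as an input instead of calling PAM or LDAP, and the helper name root_login is hypothetical.

```python
# Added example: a simplified model of libpam's walk over one stack.
# Module outcomes are inputs; nothing here calls PAM or LDAP.

# The auth lines from the posted system-auth, with mail-wrapped lines rejoined.
STACK = """\
auth required /lib/security/$ISA/pam_mount.so
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok use_first_pass
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
"""

def parse(text, mtype="auth"):
    """Return [(control, module_name)] for one module type."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == mtype:
            entries.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return entries

def walk(entries, results):
    """results maps module name -> True (success) or False (failure).
    Returns (granted, modules_consulted_in_order)."""
    required_failed = False
    any_success = False
    consulted = []
    for control, module in entries:
        consulted.append(module)
        ok = results.get(module, True)   # assumption: unlisted modules succeed
        if control == "sufficient":
            if ok and not required_failed:
                return True, consulted   # stack stops; later modules never run
            continue                     # a failed 'sufficient' is ignored
        if ok:
            any_success = True
        else:
            required_failed = True
            if control == "requisite":
                return False, consulted  # fail immediately
    return (any_success and not required_failed), consulted

def root_login(local_password_ok, ldap_ok=False):
    """Hypothetical helper: outcome for a user with a local account."""
    results = {"pam_unix.so": local_password_ok, "pam_ldap.so": ldap_ok,
               "pam_deny.so": False}     # pam_deny always fails
    return walk(parse(STACK), results)

if __name__ == "__main__":
    for ok in (True, False):
        print("local password ok:", ok, "->", root_login(ok))
```

In this model pam_ldap.so is reached only when pam_unix.so does not return success, because a failed 'sufficient' module is skipped over and the stack continues.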